In a Data Loss Prevention policy, what does the Alert action do?

• A. Blocks the transfer
• B. Encrypts the data in transit
• C. Prevents the transfer and notifies security
• D. Allows the transfer to continue but logs and alerts

Answer: (D)

Data Loss Prevention policies are about detecting sensitive information and deciding what to do next. When the Alert action is triggered, the system logs the incident and sends an alert to security, but it does not stop the transfer or automatically encrypt the data. The user can continue the transfer, but there’s an auditable record and a notification so security can review and respond if needed. The log typically includes details like what was detected, where it came from, where it’s going, the policy involved, and the time of the event. This approach provides visibility and rapid response without interrupting normal workflow, unlike blocking which would halt the transfer or encryption which protects the data but doesn’t generate an immediate alert.